Cybersecurity is a complex problem. To study the complexity underneath the system and forecast possible future cyber events, we used system dynamics (SD)modeling and simulation.Network operations are normally modeled and simulated using the discrete-event simulation (DES) techniques. Since the primary focus of the DES modeling is packet traffic, the cyberattacks and resulting defenses are viewed from the layer 3 (network layer) of the open system interconnection (OSI) model. This does not discover more harmful attacks that might occur at higher(layer 4 and above) OSI layers. There are 32 million small businesses across the United States and 81 percent of them do not have cybersecurity personnel. Today’s extraordinary (COVID-19) situation, application layer (layer 7) security is the key concern for everyone, because every business revenue is heavily dependent on online/always-on presence. Research shows that almost 70 percent of successful cyber attacks are happening at the application layer. This paper presents a new integrated SD modeling framework for the application layer security to help small businesses from cyberattacks.

.